National security scheme - ENS

Introduction

People are relying on services available electronically lend themselves in conditions of security equivalent to those who are close to personally administration offices. Furthermore, much of the information contained in the information systems of the AA.PP. and services are national strategic assets. The information and services are subjected to threats and risks from motivated actions or illicit, errors or mistakes and accidents or disasters.

The national security Scheme (NHIS)
, regulated by the Royal Decree 3 / 2010, of January 8th
determines the security policy to be applied in the use of electronic media. The ENS consists of the basic principles and minimum requirements for adequate protection of information. Will be implemented by the AA.PP. to ensure access, integrity, availability, authenticity, confidentiality, traceability and preservation of data, information and services used in electronic means that efforts in the exercise of its powers.

The ENS has been formulated by the light of the state of the art and the main referents in safety of information from the European Union, OCDE, national and international standardization, like in other countries, etc.

The ENS is the result of a work coordinated by the ministry of the presidency, currently assumed by the Ministry of Territorial Policy and Public Function, with the support of the National PKIX Centre (CCN) and the participation of all the AA.PP., through the collegiate bodies with responsibilities for electronic administration. They have been designed with the view of industry associations TIC sector.

Goals

The national security Scheme (NHIS) has the following objectives:

Create conditions
confidence in the use of electronic media, through measures to ensure the security of the information and electronic services, which allows citizens and public administrations, the exercise of rights and duties through these means.

Establish security policy
in the use of electronic media in the area of the law 11 / 2007, which shall be composed of the basic principles and minimum requirements for adequate protection of information.

Enter the common elements
to guide the performance of public administrations in safety of information technologies.

Make a common language
to facilitate interaction of public administrations, as well as the communication of the requirements of information security industry.

Contribute a homogeneous treatment
security that facilitate cooperation in the provision of services of electronic administration when participating various entities.

Facilitate a continuous treatment security
.

In the national security Scheme is conceived security as an integral activity, in which there can be no action punctual or cyclical treatments, due to the weakness of a system is determined by its point more fragile and often this point is the coordination between individual measures appropriate but poorly assembled.

Elements of the national security Scheme

The main elements of ENS are as follows:

The basic principles
to consider in decisions on security.

The
minimum requirements
allow adequate protection of information.

The mechanism for achieving compliance with the basic principles and minimum requirements through
the adoption of security measures provided
the nature of the information and services to protect.

The
electronic communications
.

The
audit of safety
.

The
security incident response
.

The
security certification
.

The
line
.

The main aspect of ENS is, without doubt, that all the higher bodies of the AA.PP. must have its security policy to be established in base to the basic principles and will run through the minimum requirements.

Scope

Its scope is set in the
article 2 of the Law 11 / 2007
of 22 June, electronic access of citizens to services Públicos.estarán excluded systems dealing with classified information regulated by law 9 / 1968 of 5 April, on official secrets, amended by Law 48 / 1978, 7 October and implementing rules.

Alignment with national security Scheme

In the interim provision of
Royal Decree 3 / 2010
articulates a phased mechanism to adjust to foreseen in the national security Scheme so that the systems of administrations must be appropriate to this scheme in timelines in no case exceeding 48 months since the entry into force of the same. the term of adequacy has expired on 30 January 2014.

The adequacy ordered to national security Scheme requires the treatment of the following issues: